Prior to version 0.3.0, chloride's use of net-ssh resulted in host fingerprints for previously unknown hosts getting added to the user's known_hosts file without confirmation. In version 0.3.0 this is updated so that the user's known_hosts file is not updated by chloride.

Affected Packages

RubyGems chloride

Affected versions: 0 (fixed in 0.3.0)

Related CVEs

CVE-2018-6517

Key Information

GHSA ID

GHSA-573x-jhqh-jg36

Published

March 25, 2019 4:16 PM

Last Modified

September 17, 2022 12:57 AM

CVSS Score

7.5 /10

Primary Ecosystem

RubyGems

Primary Package

chloride

GitHub Reviewed

✓ Yes

Dataset

Last updated: September 12, 2025 6:34 AM

Data from GitHub Advisory Database. This information is provided for research and educational purposes.